News & Resources

Publications & Media

“Federal Agencies Release Guidance on Cyber Sharing”

Safe and Sound By Heather L. Buchta and Elizabeth R. Gebarski

Right on the nose – “[n]ot later than 60 days after the date of the enactment of [the Cybersecurity Information Sharing Act of 2015]” – federal agencies made good on their direction in the Cybersecurity Information Sharing Act of 2015 (“CISA”), releasing guidance regarding sharing cyber threat indicators with the federal government. The Director of National Intelligence, the Secretary of Homeland Security, the Secretary of Defense, and the Attorney General, in consultation with the heads of the appropriate federal entities, were tasked with developing procedures to facilitate and promote cybersecurity information sharing under CISA, which was signed into law on December 18, 2015.

The four guidance documents are the first steps towards implementation of CISA.

  • Interim Privacy and Civil Liberties Guidelines. Privacy and Civil Liberties Interim Guidelines: Cybersecurity Information Sharing Act of 2015 was released by the Department of Homeland Security and the Department of Justice. It explains how the federal government “shall follow procedures designed to limit the effect on privacy and civil liberties of federal activities under CISA” by identifying guidelines governing the receipt, use and dissemination of indicators by federal entities.

Companies that follow these guidelines can expect some level of liability protection. Next on this blog’s radar is the looming 90-day deadline for the Department of Health and Human Services to convene a task force to address cybersecurity issues unique to the health care industry.

Resources